Modern virus-like programs first emerged on microcomputers in the 1980s. In 1984, Dr. Frederick Cohen first defined the term virus as "a program that is able to infect other programs by modifying them to include a possibly evolved copy of it", highlighting the evolution property of viruses. According to Symantec, one of the leading anti-virus software designers, a computer virus is "a parasitic program written deliberately to infiltrate a computer without the user's consent."
A virus is usually disguised as a harmless file, which makes it hard to detect. It can be transmitted through downloads, email attachments, or portable storage devices.
The virus attaches to files or boot sectors, replicates itself, and continues to spread. Some viruses only replicate. Others can degrade program and system performance, cause loss of information, corrupt system files and programs, damage the boot sector, or steal information or documents from your computer or network.
When a virus spreads through a computer, it goes through four phases:
- Dormant phase: The virus is idle until it is activated by some event (a date or another program file). Not all viruses have this stage.
- Propagation phase: The virus clones itself into other programs and sectors/areas in the system. Each clone in turn enters the propagation phase.
- Triggering phase: The virus activates to perform the function it was intended for. This stage can be caused by a number of events (number of copies or system events).
- Execution phase: The function is performed. The result ranges from a harmless message on screen to the destruction of programs and data.
Parasitic virus: The most common form of virus. It attaches itself to executable files and replicates into other executable files, thereby infecting them.
Memory-resident virus: Lodges in main memory as part of a resident system program. From then on, the virus infects every program that is executed.
Boot sector virus: Infects a master boot record or boot record and spreads when the system is booted using an infected diskette.
Stealth virus: A virus designed to camouflage itself to avoid detection by antivirus software.
Polymorphic virus: Changes its virus signature by mutating continually as it multiplies and infects new files.
Metamorphic virus: A virus that mutates with every infection by rewriting itself completely, increasing the chance of detection and changing its behaviour and appearance.
The types of viruses can be categorized into three major classes:
File infectors, as the name implies, infect the files on a computer. This is one of the most common types of virus and has been known to cause substantial damage. Types include appending viruses, prepending viruses, overwriting viruses, random overwriting viruses, cavity viruses, fractionated cavity viruses, compressing viruses, classic parasitic viruses and many more.
Most file infectors function similarly. Once an infected file is executed, either by the user or by itself, the virus copies the file into a section where it can be executed, in most cases the RAM. Initially the malicious code runs while the infected file remains inactive. Then it replicates itself in locations independent of the infected area, allowing it to continue infecting files as the user operates other programs. Subsequently the virus gives control back to the infected file. Once another application is started, the inactive virus runs again. It then inserts a replica of itself into files that were formerly uncorrupted, which enables the sequence to repeat continuously.
Boot sector viruses (Boot Sector, Master Boot Record and Multi-part viruses) infect the boot records and boot sectors of a computer. Boot viruses can infect a computer regardless of the operating system (OS) and are usually spread via diskettes or pirated software applications. An OS is loaded from a diskette, hard drive, CD, or the network via network adapters. All disks and hard drives are made up of smaller segments, one of which is the boot sector; it carries the Master Boot Record (which reads and loads the operating system). Boot viruses take advantage of this boot process of PCs.
If an OS is booted using an infected diskette, the virus spreads to the boot sector. The virus is executed once the system reboots. Once the hard drive is infected, all diskettes that are used will become infected. An infected computer will often function normally for a while. Eventually, the virus will allocate itself to different sectors and initiate a wave of infection, leading to the malfunctioning of boot requests and giving rise to future attacks.
Multipartite viruses: a hybrid of program and boot sector viruses. They are transferred through infected program files and infect the boot record. When the computer reboots, the hard drive and other programs are infected.
Macro viruses are infections written in the macro language embedded in word processing applications, mostly Microsoft Office products such as Word or Excel. Macros are sequences of commands that help automate repetitive tasks.
A macro virus can infect virtually any system running word processing software, including Mac OS X, Windows and other Microsoft Word compatible platforms. A macro virus may be spread through email attachments, floppy disks, networks, and malicious websites.
The virus seeks to substitute the original macro code with its malicious code, tagging the substitute code with a similar name and function so that it runs when the function is executed. Most macro viruses execute automatically without the user's knowledge when a document is opened and closed or when a macro is invoked. When executed, the macro virus inserts itself into other documents and templates. It also arranges to infect files that will be created eventually. Depending on its access to resources, a macro virus can harm other sections of the system or network. This will occur when the infected documents are shared between other users and devices.
Macro viruses are fairly recent and may sneak by the antivirus software if it is not updated. When infected, the computer runs slower, prompts for a password on a file that doesn't require one, and displays unusual error messages, or saved documents are displayed as templates.
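Since macro viruses travel inside documents and templates, a mail gateway or file share can be checked for Office files that carry a VBA project. The following is an added example, not code from the original article. It covers only the zip-based Office Open XML formats (not the legacy binary .doc/.xls format), and the file names and sample containers are constructed for illustration.

```python
import io
import zipfile

MACRO_PART = "vbaproject.bin"                      # OOXML part holding VBA code
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")
TEMPLATE_EXTENSIONS = (".dotm", ".xltm")


def macro_report(name: str, data: bytes) -> dict:
    """Inspect an Office Open XML container for an embedded VBA project."""
    report = {"name": name, "ooxml": False, "macro_parts": [], "findings": []}
    buffer = io.BytesIO(data)
    if not zipfile.is_zipfile(buffer):
        return report                              # legacy binary format or not Office
    with zipfile.ZipFile(buffer) as archive:
        parts = archive.namelist()
    report["ooxml"] = "[Content_Types].xml" in parts
    report["macro_parts"] = [p for p in parts if p.lower().endswith(MACRO_PART)]
    lower = name.lower()
    if report["macro_parts"]:
        if not lower.endswith(MACRO_EXTENSIONS):
            report["findings"].append("macros in a file whose extension is not macro-enabled")
        if lower.endswith(TEMPLATE_EXTENSIONS):
            # templates matter because documents created from them inherit the macros
            report["findings"].append("macro-enabled template")
    return report


def build_sample(with_macros: bool) -> bytes:
    """Constructed container with placeholder parts; it holds no real VBA."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, data in [("report.docx", build_sample(False)),
                       ("invoice.docx", build_sample(True)),
                       ("Normal.dotm", build_sample(True))]:
        print(macro_report(name, data))
```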